Understanding DoS
A DoS (Denial of Service) is a type of attack that denies a resource to someone. I will be explaining some of the basic concepts of a DoS, different types, and teach the basics of the simplest effective DoS (in my opinion at least) and how to make your own.
What does a DoS do?
A DoS is an attack that has the sole purpose of denying computational resources to somebody. In most cases the resource is a server and/or server software, however there are other DoS types that target non-server based resources, however that is outside the scope of this topic but I may cover them in a different one. A successfull DoS will either shut down the resource entirely, tie up all the available resources, or render it too slow to operate effectively. Even an unsuccessfull DoS can slow traffic down a significant amount.
Different Types of DoSes
There are a few different kinds of DoS, but the two most commonly seen are Flood and Exploits. A flood DoS consists of sending vast quantities of data to a specified port on a host in the hopes of cauaing the software running the port to crash from excessive data flow. This type is the easiest, most common, and also the least effective. An exploit DoS relies on a known bug in the server software that will either crash it or tie up its resources. An example of this would be the slowloris exploit. These types of DoS are more rare and harder to pull off due to the constraints of vulnerable software and exploitable bugs, but are vastly more efficient and effective as a result.
The Basics of a DoS: SYN Flood
In my opinion, the SYN flood is a wonderful DoS. It is lightweight, compact, and deligtfully fast when used right. And it is quite easy to learn. However, I just want to show the theory of a DoS tool, so I will be using Scapy, since it is easy to see the various parts of the packet, and as an added bonus is inefficient at rapid sending so you cannot take this lesson and directly use it illegally (well, effectivly at least...)
I am assuming you know at least the basics of networking, TCP/IP theory and packet encapsulation, but if not I will cover the basics here:
TCP (Transmission Control Protocol) is used for connecting sessions of data transfer. It is a layer above IP (Internet protocol). The TCP packet is contained in the IP packet so to speak, and all the respective information is stored inside each of the capsules.
The part we will be leveraging for the DoS to get to most bang for our buck is the TCP handshake. To start any TCP socket connection (which 95% of all services use), several TCP packets are sent to verify that the client is connecting. The TCP packet will have various flags set in a particular order, as shown below:
client -------SYN-------> server
<----SYN/ACK----
-------ACK------->
The SYN packet starts the handshake, the SYN/ACK is acknowledging the client, then the ACK is finalizing the handshake, validating that the client recieved the SYN/ACK. What we are going to do is send a flood of SYN packets to the server. What this will do is a two step punch. Not only will it flood the server with vast amounts of packets, it will also be sending response packets, and since we arent going to acknowledge to SYN/ACK packet, the sockets should be tied up until they timeout, which is usually more than a minute. Lets open up python and get started:
>>> from scapy.all import *
Now we build the packet.
>>> pkt = IP(dst="fakesite.com", src="123.45.67.89")/ TCP(dport=80, flags="S")
What we just did was create a TCP SYN packet with a destination port of 80, then wrapped it in an IP packet with a destination address of fakesite.com and a source address of 123.45.67.89. Now the interesting piece of this is that the source address can be set to *any* valid IP, so this attack can be completely anonymous. Then all we have to do is put it into a basic loop and we have a SYN DoS:
>>> while True: send(pkt)
It was that easy, just 3 lines of code. I hope you enjoyed this and maybe learned something from it. Feel free to post any questions/comments/requests/tipsetc.
